CVE-2012-1005
published 2012-02-07
CVE-2012-1005: Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML…
Priority: P420 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.62% (73.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sphinx-soft | mobile_web_server | — | — |
CVSS provenance
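| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.0 | MEDIUM | |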
GHSA
GHSA-cxgx-c6gj-qh93: Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3
ghsa_unreviewed·2022-05-17
CVE-2012-1005 [MEDIUM] CWE-79 GHSA-cxgx-c6gj-qh93: Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt.
Red Hat
ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
vendor_redhat·2012-10-05·CVSS 5.0
CVE-2012-4481 [MEDIUM] ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Red Hat
ruby: safe level bypass via name_err_mesg_to_str()
vendor_redhat·2012-10-02·CVSS 5.0
CVE-2012-4466 [MEDIUM] CWE-266 ruby: safe level bypass via name_err_mesg_to_str()
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
Package: ruby (Red Hat Enterprise Linux 5) - Not affected
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
Red Hat
1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
vendor_redhat·2012-09-28·CVSS 5.0
CVE-2012-4464 [MEDIUM] CWE-266 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
Statement: Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6 as they did not provide version 1.9.x, which is the vulnerable version of ruby.
Package: ruby (Red Hat Enterprise Linux 5) - Not affected
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
Bugzilla
CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
bugzilla·2012-10-05·CVSS 5.0
CVE-2012-4481 [MEDIUM] CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
Originally, Common Vulnerabilities and Exposures assigned an identifier of CVE-2011-1005 to the following vulnerability:
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
with the following upstream patch:
[1] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=30903&view=revision
Based on later upstream patch for different (CVE-2012-4464 and CVE-2012-4466) issues:
[2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
it was found that original upstream 1.8.x ruby patch for CVE-2011-1005
Bugzilla
ruby: safe level bypass via name_err_mesg_to_str()
bugzilla·2012-10-03·CVSS 5.0
CVE-2011-1005 [MEDIUM] ruby: safe level bypass via name_err_mesg_to_str()
As noted in bug #862598:
Originally, Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1005 to the following vulnerability:
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
Later it was reported:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689075
[2] http://www.openwall.com/lists/oss-security/2012/10/02/4
that upstream ruby 1.9.1 and ruby 1.9.3 versions are also vulnerable to this flaw.
Relevant upstream patch:
[3] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
There are two issues here:
1) CVE-2011-100
Bugzilla
CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()
bugzilla·2012-10-03·CVSS 5.0
CVE-2012-4466 [MEDIUM] CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()
Originally, Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1005 to the following vulnerability:
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
Later it was reported:
[1] http://www.openwall.com/lists/oss-security/2012/10/02/4
that the Ruby name_err_mesg_to_str() method is vulnerable to the similar flaw.
Relevant upstream patch:
[2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
Discussion:
*** Bug 862906 has been marked as a duplicate of this bug. ***
---
Created ruby tracking bugs for this i
http://secpod.org/blog/?p=453
http://secunia.com/advisories/47876
http://www.securityfocus.com/bid/51820
https://exchange.xforce.ibmcloud.com/vulnerabilities/72913